Network Security and Privacy

Course description

CS 378 - Network Security and Privacy (54315)

Spring 2009

Course description

This course focuses on basic concepts in network security. It aims to introduce students to the fundamental techniques used in implementing secure network communications, and to give them an understanding of common threats and attacks, as well as some practical experience in attacking and defending networked systems. This is not a course in cryptography, nor a comprehensive course in systems security.

Syllabus

Basics of cryptography:
cryptographic hash functions, symmetric and public-key encryption
Authentication and key establishment
Buffer overflow attacks
Web security
Internet worms, viruses, spyware
Spam, phishing, botnets, denial of service
TCP/IP and DNS security
Firewalls and intrusion detection systems
Wireless security

Late submission policy for take-home assignments is here.

Course materials

Kaufman, Perlman, and Speciner's Network Security (2nd edition) is required. ISBN for this book is 0130460192.
Ross Anderson's Security Engineering (2nd edition, ISBN 0470068523) and The Shellcoder's Handbook (ISBN 0764544683) are recommended. The Art of Intrusion (ISBN 0471782661) is another fun read.
Selected reading materials will be made available as the course progresses.

Prerequisites

CS 310/336 is required.
CS 375 (Compilers), CS 356 (Computer Networks), CS 346 (Cryptography) and CS 361 (Intro to Computer Security) are recommended, but not required.
Projects will involve implementing attack code to exploit buffer overflows in C programs and scripting vulnerabilities in Web applications. Working knowledge of C and JavaScript is strongly recommended.